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Box No. I Basis of the report 



1. With regard to the language, this report is based on the international application in the language in which it was tiled, unless 
otherwise indicated under this item. 

□ This report is based on a translation from the original language into the following language , 

which is the language of a translation furnished for the purposes of: 

CD international search (under Rules 1 2.3 and 23. 1 (b)) 

f^] publication of the international application (under Rule 12.4) 

1 2i international preliminary examination (under Rules 55.2 and/or 55.3) 

2. With regard to the elements of the international application, this report is based on (replacement sheets which have been 
furnished to the receiving Office in response to an invitation under Article 14 are referred to in this report as "originally filed" 
and are not annexed to this report): 

| the international application as original ry filed/furnished 
[X] the description: 

pages 1-10 as originally filed/furnished 

pages* received by this Authority on 

pages* received by this Authority on 

Qx] the claims: 

pages ________________ ^ origirwlly filed/furnished 

pages* as amended (together with any statement) under Article 1 9 

pages* 1-5 received by this Authority on 13-04-2005 

pages* received by this Authority on 

\X\ the drawings: 

pages 1-2 as originally filed/furnished 

pages* received by this Authority on 

pages* received by this Authority on 

| | a sequence listing and/or any related table(s) - see Supplemental Box Relating to Sequence Listing. 

3. Q The amendments have resulted in the cancellation of: 

I I the description, pages 

the claims, Nos. 



the drawings, sheets/figs 



□ 
□ 

the sequence listing (specify): 

any table(s) related to the sequence listing (specify): 



4. Q This report has been established as if (some of) the amendments annexed to this report and listed below had not been 
made, since they have been considered to go beyond the disclosure as filed, as indicated in the Supplemental Box (Rule 
70.2(c)). 

□ 

the description, pages 

□ 

the claims, Nos. 

□ 

the drawings, sheets/figs __ 

1 1 the sequence listing (specify): 

I I any table(s) related to the sequence listing (specify): 
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Box No. V . Reasoned statement under Article 35(2) with regard to novelty, Inventive step or industrial applicability; 
citations and explanations supporting such statement 


:: 


1. Statement 




1: 


Novelty (N) Claims 1 - 2 0 


YES 


\\- 

|: 


Claims 


NO 


j! 


Inventive step (IS) Claims 2-14. 16-20 


YES 




Claims l . is 


NO 


\ 


Industrial applicability (IA) Claims 1-20 


YES 


;-. 
:"• 
:'• 


Claims 


NO 


•\ 

\\ 
]}} 
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2. Citations and explanations (Rule 70.7) 




1 

i 


This report concerns the new claims which were received on 13- 
04-2005. 

The application is concerned with a problem how to increase 
the safety level of a controller for control of real -world 
objects without adding to much complexity to the control 



system. 

Documents cited in the International Search Report: 

Dl. DB 10025085 Al 
D2. EP 0905594 Al 
D3. WO 9323270 Al 

Dl, which is considered to represent the most relevant state 
of the art, discloses a module which connects to a machine. 
The module controls safety related functions in the machine. 
Different programs can be downloaded to the module through a 
local are network (see abstract and claim 1) . Thus, it is 
known by Dl to: 

• Connect a security module to a machine. 

• Download security related program to the module. 

• Configure the module according to a downloaded program 
and use the module for controlling the functions of the 
machine . 

D2 and D3 are background art documents and are not considered 
to be of particular relevance. 
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Supplemental Box 



In case the space in any of the preceding boxes is not sufficient 

Continuation of: BOX V 

Claims 1 and 15: 

The new claims 1 and 15 differ from the original claims 1 and 
15 in that the control system is defined as a 1-channel 
system. The system in Dl has a 2-channel structure. However, 
this difference is not considered to confer any element of 
inventive significance regarding the art known from Dl. Thus, 
the invention according to the independent claims 1 and 15 is 
considered to lack an inventive step. The invention according 
to these claims is industrially applicable. 

Claims 2-14 and 16-20: 

The invention according to these claims is considered to be 
novel and to include an inventive step. The invention 
according to claims 2-14 and 16-20 is also considered to be 
industrially applicable . 
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1 . A method to increase the safety integrity level of a 
Controller (10) for control of real world objects, 
5 characterized by, 

- attaching to the said single (1-channel) Controller 
(10) a safety-hardware unit (11) wherein the safety- 
hardware unit (11) communicates with the said 

i Controller's CPU, 

10 - downloading safety- related configuration data and/or 
diagnostic information to the attached safety-hardware 
unit (11) and downloading the control function software 

| to the Controller (10), 

If - configuring the attached safety-hardware unit (11) to 

15 execute logic, which depends on the downloaded safety- 
related configuration data and/or diagnostic information, 
and in an active or passive way set the Controller's (10) 
output values to a safe state for online safety control. 

•■J 

20 2. A method according to claim 1, 
I characterized in that 

| the Controller (10) have the capability of executing a 

| set of non-safety critical control functions, which set 

of non-safety critical control functions is the same 
25 before as well as after the safety hardware unit (11) is 

attached. 



3 . A method according to claim 2 , 
characterized in that 
30 the configuring step comprise the additional steps of 
- downloading to the attached safety hardware unit (11) 
diagnostic information, which previously was 
automatically generated by a software tool as a result of 
user's configuration of the Controller (10) and which 
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diagnostic information is used in the attached safety 
hardware unit (11) during safety critical control. 

4. A method according to any previous claim, 
5 characterized in that 

access to a plurality of input and output values of a 
real world object is obtained through a bus (14) 
connected between the Controller (10) and to an 
input/output unit (15) and the validity of the bus (14) 
10 communication is verified in the attached safety hardware 
unit (11) . 

5. A method according to any previous claim, 
characterized in that 

15 the timing supervision of the Controller (10) is verified 
in the attached safety hardware unit (11) . 

6. A method according to any previous claim, 
characterized in that 

20 correct sequence of code logic is verified in the 
attached safety hardware unit (11) . 

7 . A method according to any previous claim, 
characterized in that 

25 correctness of memory content of the controller (10) is 
verified in the attached safety hardware unit (11). 

8. A method according to any previous claim, 
characterized in that 

30 a download of new control functionality logic to the 
Controller is verified in the attached safety hardware 
unit (11) . 
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9. A method according to any previous claim, 
characterized in that 

the attached safety hardware unit (11) performs checks in 
order to allow only users logged on as safety classified 
5 engineers and safety classified operators to modify the 
control functionality logic and parameters. 

10. A method according to claim 4, 
characterized in that 

10 the bus (14) communication verification logic in the 
attached safety hardware unit (11) is implemented 
diverse. 

11. A method according to claim 4, 
15. characterized in that 

the attached safety hardware unit 11 is diverse 
generating a safety related header for the bus (14) 
communication . 

20 12. A method according to claim 11, 
characterized in that 

the Input /Output unit (15) has two diverse 
implementations each verifying the correctness of the bus 
(14) traffic and each generating a safety related header 
25 for the bus communication. 

13 . A method according to any previous claim, 
characterized in that 

the attached safety hardware unit comprise a first and a 
30 second module in a redundant configuration, the second 
module is updated with data that exists in the first 
module at the time of a failure and the second module 
takes over the safety related control of the control 
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system from the first module if a failure of the first 
module is detected. 

14. A method according to claim 13/ 
5 characterized in that 

the a redundant Controller unit is attached to the 
Controller (10), which takes over in case of a failure of 
a primary Controller and the redundant Controller unit 
establish communication with either the active first 
10 module or the active second module of the attached safety 
hardware unit. 

15. A single or 1-channel Control System (20) intended 
for safety-related control of real-world objects, 

15 characterized in that, 

- a single main CPU handling the main processes of a 
Controller (10), 

- an attached safety-hardware unit (11) comprising means 
to increase the safety- integrity level of the Controller 

20 and comprising means to set the Controller's output 
values in a safe state for online safety control. 

16. A Control System according to claim 15, 
characterized in that 

25 the Controller (10) have the capability of executing a 
set of non-safety critical control functions, which set 
of non-safety critical control functions is the same 
before as well as after the safety hardware unit is 
attached. 

30 

17. A Control System according to claim 16, 
characterized in that it comprises, 

- means for downloading to the attached safety hardware 
unit diagnostic information, which previously was 
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automatically generated by a software tool as a result of 
user's configuration of the Controller and which 
diagnostic information is used in the attached safety 
hardware unit during safety critical control. 

5 

18. A Control System according to claim 17, 
characterized in that it comprises 

- an input /output unit (15) connected to the Controller 
(10) by a bus and the validity of the bus (14) 
10 communication is verified in the attached safety hardware 
unit . 

19. A Control System according to claim 18, 
characterized in that 

15 the bus (14) communication verification logic in the 
attached safety hardware unit (11) is implemented 
diverse . 

20. A Control System according to claim 19, 
20 characterized in that 

the attached safety hardware unit (11) is diverse 
generating a safety related header for the bus (14) 
communication . 
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